aboutsummaryrefslogtreecommitdiffstats
path: root/rules
diff options
context:
space:
mode:
authortwesterhever <40121680+twesterhever@users.noreply.github.com>2023-05-26 11:13:38 +0000
committertwesterhever <40121680+twesterhever@users.noreply.github.com>2023-05-26 11:13:38 +0000
commit2fb6b9a2aa5336fe9614a0e3bcfdadb1e0c3322c (patch)
tree7993fad23428f4192a5b678c64dc77d057b251e5 /rules
parent7a0fce60aee0860ef48b6d8e98d413cf540dcf46 (diff)
downloadrspamd-2fb6b9a2aa5336fe9614a0e3bcfdadb1e0c3322c.tar.gz
rspamd-2fb6b9a2aa5336fe9614a0e3bcfdadb1e0c3322c.zip
[Enhancement] Improve detection of Google redirection URLs
The list is derived from Firefox' static HPKP entires, retrieved from: https://searchfox.org/mozilla-central/source/security/manager/ssl/StaticHPKPins.h
Diffstat (limited to 'rules')
-rw-r--r--rules/regexp/headers.lua4
1 files changed, 2 insertions, 2 deletions
diff --git a/rules/regexp/headers.lua b/rules/regexp/headers.lua
index 6be69f6a8..2a75069ac 100644
--- a/rules/regexp/headers.lua
+++ b/rules/regexp/headers.lua
@@ -915,8 +915,8 @@ reconf['HAS_GUC_PROXY_URI'] = {
}
reconf['HAS_GOOGLE_REDIR'] = {
- re = '/\\.google\\.com\\/url\\?/{url}i',
- description = 'Has google.com/url redirection',
+ re = '/\\.google\\.(ac|ad|ae|af|ag|am|as|at|az|ba|be|bf|bg|bi|bj|bs|by|ca|cat|cc|cd|cf|cg|ch|ci|cl|cm|cn|co(|\\.ao|\\.bw|\\.ck|\\.cr|\\.hu|\\.id|\\.il|\\.im|\\.in|\\.je|\\.jp|\\.ke|\\.kr|\\.ls|\\.ma|\\.mz|\\.nz|\\.th|\\.tz|\\.ug|\\.uk|\\.uz|\\.ve|\\.vi|\\.za|\\.zm|\\.zw)|com(|\\.af|\\.ag|\\.ai|\\.ar|\\.au|\\.bd|\\.bh|\\.bn|\\.bo|\\.br|\\.by|\\.bz|\\.cn|\\.co|\\.cu|\\.cy|\\.do|\\.ec|\\.eg|\\.et|\\.fj|\\.ge|\\.gh|\\.gi|\\.gr|\\.gt|\\.hk|\\.iq|\\.jm|\\.jo|\\.kh|\\.kw|\\.lb|\\.ly|\\.mt|\\.mx|\\.my|\\.na|\\.nf|\\.ng|\\.ni|\\.np|\\.nr|\\.om|\\.pa|\\.pe|\\.ph|\\.pk|\\.pl|\\.pr|\\.py|\\.qa|\\.ru|\\.sa|\\.sb|\\.sg|\\.sl|\\.sv|\\.tj|\\.tn|\\.tr|\\.tw|\\.ua|\\.uy|\\.vc|\\.ve|\\.vn)|cv|cz|de|dj|dk|dm|dz|ee|es|fi|fm|fr|ga|ge|gg|gl|gm|gp|gr|gy|hk|hn|hr|ht|hu|ie|im|info|iq|is|it|it\\.ao|je|jo|jobs|jp|kg|ki|kz|la|li|lk|lt|lu|lv|md|me|mg|mk|ml|mn|ms|mu|mv|mw|ne|ne\\.jp|net|nl|no|nr|nu|off\\.ai|pk|pl|pn|ps|pt|ro|rs|ru|rw|sc|se|sh|si|sk|sm|sn|so|st|td|tg|tk|tl|tm|tn|to|tt|ua|us|uz|vg|vu|ws)\\/url\\?/{url}i',
+ description = 'Has google.com/url or alike Google redirection URL',
score = 1.0,
group = 'url'
}